Changes between Version 8 and Version 9 of GeniApiInstallationMyPlc


Timestamp: 03/22/11 21:20:46 (13 years ago)
Author: tupty@bbn.com
Comment: gst 2058 replacing old documentation with links to new page

  • GeniApiInstallationMyPlc

    v8 v9  
    1 [[PageOutline]]
    2 
    3 = MyPLC & SFA Installation and Configuration =
    4 
    5 Start at step 9 if your VM was installed with myplc by the sysadmin[[BR]]
    6 Start at step 1 if your VM is a vanilla fedora8 VM[[BR]]
    7 
    8 === Install myplc using a vanilla fedora VM ===
    9 
    10  1. Install Fedora 8 in a virtual machine
    11  * See [wiki:GeniApiInstallingFedora8 Installing Fedora 8] for info and tips for configuring Fedora 8 for MyPLC [[BR]]
    12  
    13 
    14  2. Add the MyPLC yum repository:
    15 {{{
    16 sudo sh -c 'echo "[myplc]" > /etc/yum.repos.d/myplc.repo'
    17 sudo sh -c 'echo "name= MyPLC" >> /etc/yum.repos.d/myplc.repo'
    18 sudo sh -c 'echo "baseurl=http://build.planet-lab.org/planetlab/f8/pl-f8-i386-4.3-k22-latest/RPMS/" >> /etc/yum.repos.d/myplc.repo'
    19 sudo sh -c 'echo "enabled=1" >> /etc/yum.repos.d/myplc.repo'
    20 sudo sh -c 'echo "gpgcheck=0" >> /etc/yum.repos.d/myplc.repo'
    21 }}}
    22 
    23  3. Install MyPLC (and about fifty other packages):
    24 {{{
    25 sudo yum install myplc
    26 }}}
    27 
    28  4. Configure Iptables to allow incoming http and SFA connections[[BR]]
    29    Edit /etc/sysconfig/iptables/
    30 
    31 {{{
    32 
    33 # Webservers should allow inbound HTTP connections
    34 -A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 80 -j ACCEPT
    35 -A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 443 -j ACCEPT
    36 # Ports needed for SFA work
    37 -A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 12345 -j ACCEPT
    38 -A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 12346 -j ACCEPT
    39 -A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 12347 -j ACCEPT
    40 -A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 12348 -j ACCEPT
    41 
    42 }}}
    43 
    44  5. Make sure selinux is disabled[[BR]]
    45  * edit /etc/selinux/config (as root) to set SELINUX=disabled
    46  
    47  6. Make sure apache is installed. The version does not matter.[[BR]]
    48 
    49  7. Configure some PLC variables:
    50 {{{
    51 sudo plc-config-tty
    52 }}}
    53  In plc-config-tty:
    54   * Enter 'u' to make "usual" changes. Change the following settings (leave the others as they are):
    55    * PLC_NAME : A name to identify your MyPLC instance, e.g. "JBS PLC"
    56    * PLC_SHORTNAME : A shorter identifying name, e.g. "jbsplc"
    57    * PLC_SLICE_PREFIX : The prefix for slice names, e.g. jbspl (NOTE: Do not use underscores here, or you'll get "PLC: Bootstrapping the database:                           [FAILED]" at PLC startup)
    58    * PLC_ROOT_USER : Your e-mail address, e.g. "jbs@bbn.com" (NOTE: Do not use a plus character here, or sfa_import.py will fail later)
    59    * PLC_ROOT_PASSWORD : A (new for this purpose) password you know
    60    * PLC_MAIL_ENABLED : [false] true
    61    * PLC_MAIL_SUPPORT_ADDRESS : [root+support@localhost.localdomain] plc-admin@<FQDN of the machine >
    62    * PLC_WWW_HOST : The name where you'd like to run the MyPLC web site (e.g. the FQDN of the machine, or localhost.localdomain)
    63    * PLC_NET_DNS1 : The first nameserver in resolv.conf on the system (e.g. "192.1.249.10")
    64    * PLC_NET_DNS2 : The second nameserver in resolv.conf on the system, if there is one
    65   * When it drops back to the prompt, enter 's PLC_DB_PASSWORD' to display the PLC DB password, and note it down (SFA will need this later).
    66   * Enter 'w' to save changes, then 'q' to quit.
    67 
    68  8. Reboot the machine. plc will start automatically on bootup
    69 
    70 {{{
    71 ps -ef | grep plc
    72 root      6394     1  0 May21 ?        00:00:00 plc_httpd
    73 nobody    6715     1  0 May21 ?        00:00:00 plc_dnsmasq
    74 apache    8538  6394  0 12:47 ?        00:00:00 plc_httpd
    75 apache    8928  6394  0 13:24 ?        00:00:00 plc_httpd
    76 apache    8943  6394  0 13:24 ?        00:00:00 plc_httpd
    77 apache    8944  6394  0 13:24 ?        00:00:00 plc_httpd
    78 apache    8949  6394  0 13:24 ?        00:00:00 plc_httpd
    79 apache    8950  6394  0 13:24 ?        00:00:00 plc_httpd
    80 apache    8951  6394  0 13:24 ?        00:00:00 plc_httpd
    81 apache    8952  6394  0 13:24 ?        00:00:00 plc_httpd
    82 agosain   9344  9315  0 13:58 pts/0    00:00:00 grep plc
    83 
    84 }}}
    85 
    86 === Start Here if you requested a Myplc VM from the sysadmin ===
    87 
    88 9. Set up ~/.sfi, and create a new SSH key and config file for the admin user of myplc
    89 {{{
    90 mkdir ~/.sfi
    91 ssh-keygen -f .sfi/root.pkey -N ''
    92 rm ~/.sfi/*.cert
    93 }}}
    94 
    95 10. List and take note of plc-config-tty variables as you will need them later
    96 
    97 {{{
    98 $ sudo plc-config-tty
    99 Enter command (u for usual changes, w to save, ? for help) u
    100 == PLC_NAME : [myplc2.gpolab.bbn.com]
    101 == PLC_SHORTNAME : [myplc2]
    102 == PLC_SLICE_PREFIX : [gpotest]
    103 == PLC_ROOT_USER : [root@localhost.localdomain]
    104 == PLC_ROOT_PASSWORD : [root]
    105 == PLC_MAIL_ENABLED : [true]
    106 == PLC_MAIL_SUPPORT_ADDRESS : [plc-admin@myplc2.gpolab.bbn.com]
    107 == PLC_DB_HOST : [128.89.91.3]
    108 == PLC_API_HOST : [128.89.91.3]
    109 == PLC_WWW_HOST : [128.89.91.3]
    110 == PLC_BOOT_HOST : [128.89.91.3]
    111 == PLC_NET_DNS1 : [128.33.0.20]
    112 == PLC_NET_DNS2 : [128.33.1.20]
    113 Enter command (u for usual changes, w to save, ? for help) s PLC_DB_PASSWORD
    114 PLC_DB_PASSWORD = xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxx
    115 Enter command (u for usual changes, w to save, ? for help) q
    116 
    117 }}}
    118 
    119 11. Browse to your MyPLC web interface by the name you used for PLC_WWW_HOST above, via HTTPS, and log in using the username and password you used as PLC_ROOT_USER and PLC_ROOT_PASSWORD above.
    120 
    121  * Replace the default key with your the SSH public key you created a moment ago:
    122   * On the home page, select ''My Account'' on the left menu bar.
    123   * Scroll down to "One Key", and click on the arrow next to it.
    124   * Select the box next to the existing key, and click "Remove keys".
    125   * Click "Browse..." to find your public key, and upload it
    126 
    127 12. Create a new site in myplc, this is where your nodes will get installed
    128   * Click "logout of <myplc_instance_name>"
    129   * On the left menu bar, click "File a site registration"
    130   * Fill out the long form -- make sure that site name and login base are the same
    131    * Site name: gpotest // same as login base
    132    * login base: gpotest // same as site name
    133    * abbreviated: gpotest
    134    * URL: http://some.dummy.url.net
    135    * Lat/Long: 1
    136    * Max slices: 100
    137    * For Principal Investigator information use the same email and password as for PLC_ROOT_USER and PLC_ROOT_PASSWORD
    138    * Fill the rest in with dummy information
    139   * Log back into myplc as admin, and click on 'pending requests' in the sites section on the left  menu
    140   * Click on the site name
    141   * Hit the approve button
    142  
    143 13. Create a new user in myplc, this is where your slices will get created
    144   * Click "logout of <myplc_instance_name>"
    145   * Click on "Create an Account"
    146   * First name: *       
    147   * Last name: *       
    148   * E-mail: Your E-mail address must be able to receive e-mail and will be used as your username:       
    149   * Password: *
    150   * Site: Select the site where you belong :
    151   * Enable your account
    152   * Go to My Account-> All Accounts->Click on your account-> Enable
    153   * Replace the default key with your the SSH public key:
    154   * On the home page, select ''My Account'' on the left menu bar.
    155   * Scroll down to "No Key", and click on the arrow next to it.
    156   * Click "Browse..." to find your public key, and upload it
    157 
    158 14. Add your !PlanetLab nodes to the new site. Make sure the sysadmin tells you the port number on power1.gpolab.bbn.com the node is connected to.[[BR]]
    159     power1.gpolab.bbn.com is the power controller for the node to control remote reboots
    160   * We want to only focus on this new site, gpolab1, so remove other sites from the account
    161    * Click on My Account on left menu
    162    * Click on '2 sites' down arrow
    163    * Click on any sites that aren't 'gpolab1' and hit the remove sites button
    164   * Now logout and log back in as root
    165   * '''NOTE''' The Add node option and Register Node option on the web interface do the same thing. However, our DNS entries 128.33.0.20 is not accepted by the Add Node tab as the routine complains about
    166 
    167 {{{
    168  Cannot create entry as address is not in /25 network
    169 }}}
    170 
    171   * Click on 'Register Node' under admin search on left menu and add your node (must use a full hostname)
    172    * Fill in the information
    173 
    174 {{{
    175 Register a New PCU
    176 Site: gpolab1           
    177 Model:  APC Ap79XXX sequence 1-2-1-port-3
    178 Hostname: power1.gpolab.bbn.com
    179 IP Address: 192.1.249.15
    180 Username: <ask sysadmin>       
    181 Password: <ask sysadmin>
    182 }}}
    183 
    184 {{{
    185 Site      gpolab1
    186 Hostname  saba.gpolab.bbn.com   
    187 Model     Custom
    188 Method     Static
    189 IP address 128.89.91.14
    190 Netmask    255.255.255.128
    191 Network    128.89.91.0
    192 Broadcast  128.89.91.127
    193 Gateway    128.89.91.1
    194 DNS 1      128.33.0.20
    195 DNS 2      128.33.1.20
    196 
    197 }}}
    198 
    199 15. After the node shows up in the site it was created in, Select "Reinstall" for "Preferred Boot State" and "download iso .." for "Download"
    200 
    201 16. Save the ISO file , burn it on a CD and install it on the node
    202 
    203 17. It will take 10 minutes for the node to install completely and the "Observed Boot state" will change from "Reinstall" to "Boot"
    204  
    205 
    206 === Install SFA ===
    207 
    208 
    209   1. Installing SFA via RPM (the SFA packages come from the same yum repo added in step 2 of installing myplc)
    210   {{{
    211   sudo yum update fedora-release
    212   sudo yum install sfa sfa-plc sfa-client
    213   }}}
    214 
    215  
    216   To install from git (should not normally be needed)
    217   {{{
    218   sudo yum update fedora-release
    219   sudo yum install m2crypto python-dateutil python-psycopg2 myplc-config pyOpenSSL python-ZSI libxslt-python xmlsec1-openssl-devel python-lxml
    220   git clone git://git.planet-lab.org/sfa.git
    221   cd sfa
    222   make ; sudo make install
    223   }}}
    224 
    225 
    226  2. Configure some SFA variables:
    227 {{{
    228 sudo sfa-config-tty
    229 }}}
    230  In sfa-config-tty:
    231   * Enter 'u' to make "usual" changes. Anywhere you see localhost, replace that with your server's domain or IP address.  Other specific changes are:
    232    * SFA_INTERFACE_HRN: This should be 'plc.gpotest'.  In general it is plc.X where X is your PLC slice prefix from above
    233    * SFA_REGISTRY_ROOT_AUTH: this should be 'plc'
    234    * SFA_PLC_USER: The same as PLC_ROOT_USER above
    235    * SFA_PLC_PASSWORD: The same as PLC_ROOT_PASSWORD above
    236    * SFA_PLC_DB_PASSWORD: PLC sets this, run 'plc-config-tty'
    237    * type 'l' to list variables, and copy the PLC_DB_PASSWORD value
    238   * Enter 'w' to save changes, then 'q' to quit.
    239 
    240  3. Start up SFA once, to create the initial /etc/sfa/sfa_config.py, and stop it again:
    241 {{{
    242 sudo service sfa reload
    243 }}}
    244 
    245  4. Import your PLC database into SFA:
    246 {{{
    247 sudo sfa-import-plc.py  # if this fails, try running sfa-nuke-plc.py and then running again
    248 }}}
    249 
    250  5. Start up SFA again:
    251 {{{
    252 sudo service sfa start
    253 }}}
    254 
    255  6. Create the SFA client's config file. use the primary user name which myplc knows about. In this case it is root@localhost.localdomain. Be sure to use your new site's name, such as 'gpolab1'
    256 {{{
    257 echo 'SFI_AUTH="plc.gpotest.gpolab1"' > .sfi/sfi_config
    258 echo 'SFI_USER="plc.gpotest.gpolab1.root"' >> .sfi/sfi_config
    259 echo 'SFI_REGISTRY="http://localhost:12345"' >> .sfi/sfi_config
    260 echo 'SFI_SM="http://localhost:12347"' >> .sfi/sfi_config
    261 echo 'SFI_GENI_AM="http://localhost:12348"' >> .sfi/sfi_config
    262 }}}
    263 
    264  7. Test that it works:
    265   {{{
    266   [jkarlin@dhcp89-081-074 client]$ sfi.py version
    267   {'geni_api': 1, 'sfa': 1}
    268   }}}
    269 
    270   The version call is a GENI API call, and should return 'geni_api': <version number>
    271 
    272   Some other things you can try to make sure SFA is properly configured:
    273 
    274   {{{
    275   sfi.py list plc.gpotest.gpolab1
    276   }}}
    277   Expect output like this:
    278   {{{
    279   plc.gpotest.gpolab1.jbs (user)
    280   ...
    281   }}}
    282   And then run this:
    283   {{{
    284   sfi.py resources
    285   }}}
    286   It should give you back some xml.. and not an error.
    287 
    288 * Further testing information will be written soon.
    289 
    290 ''' GOTCHAS '''
    291 
    292  1.  [[BR]]
    293 
    294 {{{
    295 sfa.util.xmlrpcprotocol.ServerException: : get_self_credential: Cert URN is not an extension of its parent: plc.gpotest
    296 }}}
    297 
    298  * Clean up all of the keys imported from the old sfa-import-plc and run it over again
    299 
    300 {{{
    301 /etc/init.d/sfa/stop
    302 rm -rf /var/lib/sfa/authorities
    303 rm /etc/sfa/trusted_roots/*
    304 sfa-nuke-plc.py
    305 sfa-import-plc.py
    306 /etc/init.d/sfa/start
    307 }}}
    308 
    309 
    310  2. [[BR]]
    311 
    312 {{{
    313 sfa.util.xmlrpcprotocol.ServerException: : get_self_credential: Connection Key GID mismatch: plc.gpotest.gpolabr2.root
    314 }}}
    315 
    316  * did you upload the new public key to myplc web interface; '' My Account '' for the primary user of myplc[[BR]]
    317 
    318    rerun sfa-import-plc.py
    319  
    320 {{{
    321 sfi.py list plc.gpotest.gpolab1
    322 }}}
    323 
    324 
    325  3. [[BR]]
    326 
    327 {{{
    328 sfa.util.xmlrpcprotocol.ServerException: : get_self_credential: Cert
    329 an extension of its parent: plc.gpotest
    330 }}}
    331 
    332  * Make sure the user in the key-gen step is the primary user of myplc [[BR]]
    333 
    334 
    335 {{{
    336 SFI_USER="plc.gpolab.gpolabr2.root"
    337 }}}
    338 
    339 
    340 
    341 {{{
    342 ssh-keygen -f .sfi/root.pkey -N ''
    343 }}}
    344 
    345 4.[[BR]]
    346 
    347 Adding a node using planetlab CLI. This is a work around for "Add Node" not working and an alternative to the web interface "Register Node"
    348 
    349 {{{
    350 sudo plcsh
    351 }}}
    352 
    353 Once inside the plantlab shell type these commands and press enter after each line[[BR]]
    354 
    355 {{{
    356 newnode={}
    357 newnode["boot_state"]="reinstall"
    358 newnode["model"]="Custom"
    359 newnode["deployment"]="planetlab"
    360 newnode["hostname"]="gardil.gpolab.bbn.com"
    361 AddNode("<login base of your site>",newnode)
    362 }}}
    363 
    364 ''' Note ''' : make sure that the [[BR]]
    365 
    366 {{{
    367 newnode["deployment"]="planetlab"
    368 }}}
    369 
    370 field value matches the value under <> brackets /var/ww/html/boot/bootstrapfs-<planetlab>.tar.bz2 on the myplc server[[BR]]
    371 
    372 {{{
    373 newinterface={}
    374 newinterface["network"]="192.1.249.128"
    375 newinterface["is_primary"]=True
    376 newinterface["dns1"]="192.1.249.10"
    377 newinterface["dns2"]=""
    378 newinterface["mac"]=""
    379 newinterface["netmask"]="255.255.255.192"
    380 newinterface["gateway"]="192.1.249.129"
    381 newinterface["broadcast"]="192.1.249.191"
    382 newinterface["ip"]="192.1.249.147"
    383 newinterface["method"]="static"
    384 newinterface["type"]="ipv4"
    385 AddInterface("gardil.gpolab.bbn.com",newinterface)
    386 
    387 }}}
    388 
    389 5.[[BR]]
    390 {{{
    391 sudo sfa-import-plc.py
    392 Hierarchy: creating authority: plc
    393 using existing key /var/lib/sfa/authorities/plc/plc.pkey for authority plc
    394 Segmentation fault
    395 }}}
    396 
    397 If sfa-import-plc.py seg faults, it could be because pyOpenSSL is out of date. 
    398 
    399 Try:
    400 {{{
    401 sudo yum upgrade pyOpenSSL
    402 }}}
    403 
    404 Go to the myplc web interface and the node should be available. Follow steps 15-17 to complete installation
     1Please see GpoLab/MyplcReferenceImplementation for updated documentation on MyPLC with SFA.
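
Review bot: the single v9 line drops the GOTCHAS section (v8 lines 290-404) along with the install steps, so the fixes for "Cert URN is not an extension of its parent", "Connection Key GID mismatch" and the sfa-import-plc.py segmentation fault no longer appear on the current page. Confirm that GpoLab/MyplcReferenceImplementation covers them, or keep that section here below the pointer. When checking the new page, also make sure it does not carry over unexplained the settings removed here at v8 lines 18-20 and 45 (gpgcheck=0 on an http:// baseurl, SELINUX=disabled). The sample plc-config-tty output at v8 line 104 (PLC_ROOT_PASSWORD : [root]) stays readable in the page history after this change, so that value should not be a password in use on the host.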